Jailbreak proves a bad move for iPhone owners

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Secu­ri­ty firm Palo Alto Net­works and a group of Chi­nese iPhone devel­op­ers named Weiptech revealed that a piece of iPhone mal­ware they call KeyRaider has stolen 225,000 iOS users’ iTunes login cre­den­tials. After some­one installs the mal­ware, which hides in pack­ages of code that offer “tweaks” to the iPhone’s oper­at­ing sys­tem, it’s designed to inter­cept their iTunes login details and send them to a remote serv­er. Each stolen account allows the victim’s iTunes pay­ment infor­ma­tion to be hijacked and used to install paid apps on oth­er iOS devices. Palo Alto Net­works says that a sep­a­rate app designed to allow peo­ple to install free apps has been installed more than 20,000 times. Who is pay­ing for those people’s free apps? KeyRaider’s vic­tims. The researchers call the KeyRaider attack “the largest known Apple account theft caused by mal­ware.” The vic­tim accounts all appar­ent­ly belong to peo­ple who jail­broke their iPhones so apps could be installed that aren’t approved by Apple’s app store. Source: Wired

The ‘winner’ might not be the duly elected candidate

Some experts say U.S. vot­ing machines are so inse­cure that all elec­tions, whether at the nation­al, state or local lev­el, are vul­ner­a­ble to being attacked by hack­ers in oth­er coun­tries, and the attacks could go unde­tect­ed. It’s dif­fi­cult for com­put­er sci­en­tists to pin­point exact­ly how many pro­gram­mers around the world are capa­ble of remote­ly breach­ing elec­tion software—whether that’s the vote itself or oth­er relat­ed data—such as vot­er-reg­is­tra­tion records. How­ev­er, many agree that the intel­lec­tu­al bar­ri­er is not sig­nif­i­cant. Each state con­ducts its own sys­tem of vot­ing, and some elec­tion pro­to­cols are more secure than oth­ers. That said, all modes of com­put­er­ized vot­ing are sub­ject to being com­pro­mised. For exam­ple, Inter­net vot­ing, also known as iVot­ing, allows cit­i­zens to vote through an online por­tal or by email or by fax. If not encrypt­ed prop­er­ly, these trans­ac­tions could be com­pro­mised. Source: WhoWhat­Why

Fool me once, shame on you; fool me twice …

sh_voting machine_280Scam artists are using high-pro­file secu­ri­ty breaches—such as the Ash­ley Madi­son hack and Car­phone Ware­house data breach—to per­suade peo­ple to reveal their bank details by cap­i­tal­iz­ing on fear. Wide­ly report­ed data breach­es have prompt­ed a rise in cold calls, texts and emails from fraud­sters try­ing to gain access to per­son­al infor­ma­tion. Vic­tims who lose mon­ey to the trick­sters won’t get refunds from their banks because, unlike hack­ers who access details with­out con­sent, these scam­mers per­suade vic­tims to reveal account num­bers and PINs by pos­ing as secu­ri­ty experts or police offi­cers. They tell poten­tial vic­tims that they are tar­gets of fic­ti­tious new hacks. Source: The (U.K.) Telegraph

We’re still here

sh_cheating_280Despite rumors that the end is near for Ash­ley Madi­son after a hack­ing attack out­ed some 32 mil­lion would-be cheaters, the com­pa­ny says the site is flour­ish­ing. Avid Life Media, par­ent com­pa­ny of Ash­ley Madi­son, released a state­ment deny­ing rumors that the site is shut­ting, and dis­put­ing a wide­ly pub­li­cized analy­sis that found few real women active­ly used its ser­vices. “Recent media reports pre­dict­ing the immi­nent demise of Ash­ley Madi­son are great­ly exag­ger­at­ed,” the com­pa­ny state­ment said. “Despite hav­ing our busi­ness and cus­tomers attacked, we are grow­ing. This past week alone, hun­dreds of thou­sands of new users signed up for the Ash­ley Madi­son platform—including 87,596 women.” Source: CBS News

The enemy of my enemy

The iden­ti­ties of a group of Amer­i­can tech­ni­cal experts who pro­vid­ed assis­tance to covert oper­a­tions by the U.S. gov­ern­ment over­seas have been com­pro­mised as the result of cross-ref­er­enc­ing of data from the Office of Per­son­nel Man­age­ment and oth­er recent data breach­es. Two offi­cials speak­ing on con­di­tion of anonymi­ty said Chi­nese and Russ­ian intel­li­gence agen­cies have worked with both pri­vate soft­ware com­pa­nies and crim­i­nal hack­ing rings to obtain and ana­lyze data. William Evan­i­na, the Nation­al Coun­ter­in­tel­li­gence Exec­u­tive for the Office of the Direc­tor of Nation­al Intel­li­gence, con­firmed that data from breach­es “absolute­ly” had been used to unmask U.S. covert agents. Per­form­ing ana­lyt­ics on breached data could tell for­eign intel­li­gence agen­cies “who is an intel­li­gence offi­cer, who trav­els where, when, who’s got finan­cial dif­fi­cul­ties, who’s got med­ical issues” and help cre­ate a “com­mon pic­ture” of U.S. intel­li­gence oper­a­tions, he said. Source: The Los Ange­les Times

Not letting things slide

China long shadow flag with a weight scaleThe Oba­ma admin­is­tra­tion is draft­ing an esca­lat­ing series of actions, includ­ing eco­nom­ic sanc­tions and curbs on doing busi­ness in the Unit­ed States, to pun­ish Chi­na and oth­er nations that hack cor­po­rate com­put­er net­works, accord­ing to two admin­is­tra­tion offi­cials with knowl­edge of the plan­ning. The mea­sures have not yet been decid­ed, the offi­cials said, and the admin­is­tra­tion is mov­ing cau­tious­ly, as actions being con­sid­ered include cyber retal­i­a­tion, which could reveal infor­ma­tion about U.S. gov­ern­ment and pri­vate cyber­se­cu­ri­ty capa­bil­i­ties. It also could trig­ger fur­ther online or com­mer­cial war­fare that would be dif­fi­cult to con­tain. The actions under con­sid­er­a­tion wouldn’t be tar­get­ed sole­ly at Chi­na, the offi­cials said. Source: Bloomberg Busi­ness 

Well, you see, that is …

After Sony Pic­tures was hacked, it brought in famed lawyer David Boies to threat­en any­one who pub­lished any infor­ma­tion from the hack, claim­ing that it was a vio­la­tion of the First Amend­ment and threat­ened to sue Twit­ter, claim­ing that Twit­ter would be held “respon­si­ble for any dam­age or loss aris­ing from such use or dis­sem­i­na­tion by Twit­ter.” Sony argued the hack was incred­i­bly harm­ful. How­ev­er, now, the com­pa­ny is in court argu­ing that there has been no harm done to its employ­ees, who have filed a class-action law­suit against Sony for fail­ing to pro­tect their data. Sony says that any employ­ees’ per­son­al­ly iden­ti­fi­able infor­ma­tion that was exposed was not par­tic­u­lar­ly pri­vate in the first place. Source: Tech Dirt

sh_data protection_280We’ll pay you now; you pay us later

With more than 900 mil­lion report­ed records exposed by cyber attacks in 2014, more com­pa­nies are look­ing at trans­fer­ring risks to insur­ance providers. Cur­rent­ly, insur­ers are find­ing it dif­fi­cult to assign the prop­er val­ue to data or sys­tems, or to deter­mine appro­pri­ate poli­cies since they are unable to scope the cyber risk envi­ron­ment of an orga­ni­za­tion. “More infor­ma­tion shar­ing and under­stand­ing of event impact and the asso­ci­at­ed longer-term costs (through post-inci­dent ana­lyt­ics, for exam­ple) can help remove some of these obsta­cles. In turn, this will dri­ve bet­ter pol­i­cy rates and see the cyber insur­ance mar­ket pro­gres­sive­ly emerge from its niche, despite being around for over 30 years,” says Michela Ment­ing, research direc­tor for ABI Research, which fore­casts the mar­ket will hit $10 bil­lion by 2020. Source: First Post